sudo - Regain access to Ubuntu server

08
2014-07
  • ktsangop

    I did a stupid mistake on my Ubuntu virtual server (Amazon). I was messing around with /etc/passwd & /etc/group files and i am about to lock my self out of the server for good. I have a copy of the original passwd+group files but i cannot copy them back because every time i try to sudo i get : 

    sudo: unknown uid 1000: who are you?

    I am still logged in. Is there anything i can try? I am afraid that after i log out there is no way to bring it back.

    Thanks in advance.

    • Answers
  • mtak

    Unless you know the root password you won't be able to get root access to fix the /etc/passwd and /etc/group files. What you could do is:

    1. Stop the instance
    2. Create a new instance with the same AMI id
    3. Disconnect the volume from the first instance and connect it to the new instance
    4. Mount the volume and fix the config files
    5. Umount and disconnect the original instance's volume
    6. Connect the volume to the original instance

    A more specific guide can be found at http://amazonserver.blogspot.nl/2013/01/recover-broken-amazon-ec2-instance.html


    • Related Question

    How could my Ubuntu root password change without my knowledge and how do I regain control?
  • Shine

    Lo and behold, I log into my machine today, as every day, su root and it doesn't accept my root password any more. How could that possibly happen, assuming I didn't sleepwalk over to my machine during the night and change the password before going back to bed? Is it possible for me to regain control of this machine or is it game over?


    • Related Answers
  • weeheavy

    You can regain control by:

    • Booting in single user mode (on grub, edit actual kernel by pressing e, add "single" at the end, boot with b
    • Boot a live CD, chroot (google this)
    • in both ways, then change your password

    But: If you can't recall yourself changing the password, reinstall that machine!

  • Benjamin Bannier

    In Ubuntu you are probably still a "sudoer", so you should be able to use sudo with your user password (not the root one). From there you are then able to reset root's password.

    $ sudo passwd
  • fymita

    Before you reload your system try using chage to see when the password was changed (if it was) or if its simply expired. You can also check /var/log/secure.

    reinstalling a system simply because the password expired would be pretty silly.

  • roger

    I have had "password" issues when my root directory (/) is 100% full.

    I run a cron script which rsyncs to an external hard drive which wasn't mounted at runtime. rsync doesn't care what device/partition the directory is mapped to, so it went ahead and filled up /external_hd. Normally, /external_hd is the 1TB device sitting on top of my computer tower. But when it's not mounted (e.g. the external hard drive is not on), the directory is still there, so it writes to the / partition (by default it'd create the directory anyway, I believe). Next time I restarted I couldn't log in to Ubuntu, getting an error on user name/password. Once I deleted files, everything worked as expected.

    I've also had this issue when running Amazon's MP3 downloader and a full /. It gives you a permissions type error and running the app under gksudo doesn't solve it.

    Eventually, I stopped being so lazy and changed the script to skip rsyncing to external if it wasn't mounted.

  • Jan.

    I like the solution of "honk" but you can shorten that: sudo passwd is enough to change the password of root. :-)

    (Can't comment" on his answer, so I'm posting a new one)